7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.1%
Medium
Canonical Ubuntu
Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. (CVE-2023-2454) Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security policies. An authenticated user could possibly use this issue to complete otherwise forbidden reads and modifications. (CVE-2023-2455) Update Instructions: Run sudo pro fix USN-6104-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 – 10.23-0ubuntu0.18.04.2 postgresql-10 – 10.23-0ubuntu0.18.04.2 libecpg6 – 10.23-0ubuntu0.18.04.2 libpq5 – 10.23-0ubuntu0.18.04.2 libpgtypes3 – 10.23-0ubuntu0.18.04.2 postgresql-pltcl-10 – 10.23-0ubuntu0.18.04.2 postgresql-plperl-10 – 10.23-0ubuntu0.18.04.2 libecpg-dev – 10.23-0ubuntu0.18.04.2 postgresql-plpython3-10 – 10.23-0ubuntu0.18.04.2 libpq-dev – 10.23-0ubuntu0.18.04.2 postgresql-plpython-10 – 10.23-0ubuntu0.18.04.2 postgresql-doc-10 – 10.23-0ubuntu0.18.04.2 postgresql-client-10 – 10.23-0ubuntu0.18.04.2 libecpg-compat3 – 10.23-0ubuntu0.18.04.2 No subscription required
CVEs contained in this USN include: CVE-2023-2454, CVE-2023-2455.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2023-06-30: Initial vulnerability report published.
CPE | Name | Operator | Version |
---|---|---|---|
cflinuxfs3 | lt | 0.369.0 | |
cflinuxfs4 | lt | 1.12.0 | |
cf deployment | lt | 30.1.0 |
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.1%